Hello everyone,
I have been suffering attacks on my computer for a while now and I disbelieved that I could have a virus in some sector marked as a bad block on my SSD ...
Searching now on the internet, I came across this article that seems to have given me a light, explaining that it is possible for malware to be hidden in spaces reserved for bad blocks in an SSD. Is that right?
Does anyone know any software that can erase or rewrite these sectors? I've tried using HDPARM to sanitize my SSD and do a wipe several times but without any results ...
I would appreciate it if anyone could help ...
This is the article...
Izaac Wilkowski, former Bitcoin Flipper
Answered 3 years ago · Author has 51 answers and 140.3K answer views
Contrary to what everyone is saying, within SSD-based devices they can.
This is because they can abuse the marking of bad blocks within the device.
But let's go back a step. SSDs fail at a much faster rate than other drives. As a result, processes exist to handle areas of memory just disappearing. At the level of the drive a byte of the sector is changed to indicate that this sector is bad, but this can be done by an attacker and the bad block table can be updated to reflect the attacker's change. To anyone outside the device, to any program with the device, and to the operating system, everything within that sector is garbage and is ignored. But if that area isn't garbage, but instead a malicious codebase, the attacker has just created an elaborate hidden partition within the drive.
Astoundingly, you can still force a read/write request to bad blocks (at least on Android at the time of this research) so attackers can freely use this space. Next, other elaborate tricks can be performed, but that is another subject.
What is important about this attack is that programs need to respect the bad block table in order to function. Operating systems have to believe these sectors are bad, and upon reinstall this table is not rechecked. Which means that this style of attack persists through reinstall, cannot be found by conventional antivirus and looks like normal hard drive wear. It is long term, untraceable, and can be weaponized easily.
https://www.quora.com/Can-malware-or-rootkits-survive-wiping-SSD-or-HDD-during-OS-reinstallation
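
A simplified model of the mechanism the quoted answer describes, added here as an example (it is not part of the original post or of the quoted answer): an overwrite that only reaches blocks outside the bad block table leaves marked-bad blocks untouched, while an audit with raw access can list them for review. `ToyFlash`, its methods, the block size and the sample data are all hypothetical and model no real controller.

```python
# Toy model only: constructed data, no real device or firmware is touched.
BLOCK = 16
ERASED = b"\xff" * BLOCK

class ToyFlash:
    def __init__(self, nblocks):
        self.blocks = [ERASED] * nblocks   # raw physical blocks
        self.bad = set()                   # bad block table (BBT)

    def raw_write(self, idx, data):
        """Controller-level write; pads or truncates to one block."""
        self.blocks[idx] = data.ljust(BLOCK, b"\xff")[:BLOCK]

    def mark_bad(self, idx):
        """Add a block to the BBT without erasing its contents."""
        self.bad.add(idx)

    def visible(self):
        """Blocks the OS can address: everything not listed in the BBT."""
        return [i for i in range(len(self.blocks)) if i not in self.bad]

def logical_wipe(dev):
    """Overwrite as seen from the OS: only visible blocks are zeroed."""
    targets = dev.visible()
    for i in targets:
        dev.blocks[i] = b"\x00" * BLOCK
    return len(targets)

def audit_bad_blocks(dev):
    """Raw-level check: marked-bad blocks that are not in the erased state.
    A hit is a candidate for review, not proof of anything malicious,
    because a genuinely worn block can also hold leftover data."""
    return sorted(i for i in dev.bad if dev.blocks[i] != ERASED)

def physical_erase(dev):
    """Model of an erase that covers every physical block, ignoring the BBT."""
    dev.blocks = [ERASED] * len(dev.blocks)

def demo():
    dev = ToyFlash(8)
    for i in range(8):
        dev.raw_write(i, b"user-data-%d" % i)   # constructed sample content
    dev.mark_bad(5)                  # block 5 leaves the visible set, data intact
    wiped = logical_wipe(dev)        # reaches 7 of the 8 blocks
    survivors = audit_bad_blocks(dev)
    physical_erase(dev)
    return wiped, survivors, audit_bad_blocks(dev)

if __name__ == "__main__":
    print(demo())
```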